Re: Laptop - Full Disk Encryption? (Booting defeats FDE)
- From: Ansgar -59cobalt- Wiechers <bugtraq@xxxxxxxxxxxxxxxx>
- Date: Wed, 24 Oct 2007 02:15:58 +0200
On 2007-10-23 Bill Stout wrote:
How to defeat full disk encryption: Boot up
Wow, you mean disk encryption won't protect from attack vectors it
wasn't designed to protect from in the first place? Big surprise here.
Not.
[...]
For protection of data on the computer _after_ it's running, you may
consider products that offer more granular file-level encryption like
Credant Technologies or Information Security Corp. These products
encrypt what's important (user files and temp files), but allow for
standard support, backup and recovery practices.
For protection of data on the computer _after_ it's running, you have a
kernel which implements and enforces access controls and privileges.
Besides, how do those file-level encryption systems make sure every kind
of temporary data an application may create on the disk is encrypted?
How do they ensure no unencrypted user data is left after the encryption
system is put in place? How do they handle paged data? How do they
handle (read "ensure confidentiality of") the keys?
Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
- Follow-Ups:
- Bootable flash/USB/thumb drive
- From: Bob Chekoudjian
- Bootable flash/USB/thumb drive
- References:
- Laptop - Full Disk Encryption?
- From: fac51
- Re: Laptop - Full Disk Encryption? (Booting defeats FDE)
- From: Bill Stout
- Laptop - Full Disk Encryption?
- Prev by Date: Re: Failover internet connections, and implementation...
- Next by Date: Re: Failover internet connections, and implementation...
- Previous by thread: Re: Laptop - Full Disk Encryption? (Booting defeats FDE)
- Next by thread: Bootable flash/USB/thumb drive
- Index(es):
Relevant Pages
|
